Data management at Microsoft

How we manage and protect customer data


How Microsoft categorizes data

Administrator data is the information about administrators supplied during signup, purchase, or administration of Microsoft services, such as names, phone numbers, and email addresses. It also includes aggregated usage information and data associated with your account, such as the controls you select. We use administrator data to provide services, complete transactions, service the account, and detect and prevent fraud.

Customer data is all data, including text, sound, video, or image files and software, that you provide to Microsoft or that is provided on your behalf through your use of Microsoft enterprise online services, excluding Microsoft Professional Services. For example, it includes data that you upload for storage or processing, as well as applications that you upload for distribution through a Microsoft enterprise cloud service.

Customer content is a subset of customer data and includes, for example, Exchange Online email and attachments, Power BI reports, SharePoint Online site content, or IM conversations.

Object metadata is information provided by you, or on your behalf, that is used to identify or configure Online Service resources, such as software, systems, or containers, but does not include their content or user identities. Examples include the names and technical settings of Azure Storage accounts, Virtual Machines, SQL Databases and of their tables, column headings, and forms. Customers should not include personal data or other sensitive information in object metadata because object metadata may be shared across global Microsoft systems to facilitate operations and troubleshooting.

Payment data is the information you provide when making online purchases with Microsoft. It may include a credit card number and security code, name and billing address, and other financial data. We use payment data to complete transactions, as well as to detect and prevent fraud.

Personal data means any information relating to an identified or identifiable natural person. In other words, personal data is any data that is associated with a specific person. Personal data provided by our customers through their use of the service, such as the names and contact information of customer end users, would also be customer data. But personal data could also include certain data that is not customer data, such as the user id our service assigns to each user; such personal data is considered pseudonymous because it alone cannot identify the individual.

Support and Consulting data means all data, including all text, sound, video, image files, or software, that are provided to Microsoft by, or on behalf of, Customer (or that Customer authorizes Microsoft to obtain from an Online Service) through an engagement with Microsoft to obtain Professional Services or Support. This may include information collected over phone, chat, e-mail, or web form. It may include description of problems, files transferred to Microsoft to resolve support issues, automated troubleshooters, or by accessing customer systems remotely with customer permission. It does not include administrator data or payment data.